~Open Source Security Tool of the Day~

#osstotd

BadZure

BadZure orchestrates the setup of Azure Active Directory tenants, populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths.

https://github.com/mvelazc0/BadZure

~Open Source Security Tool of the Day~

#osstotd

Sniffnet

Application to comfortably monitor your network traffic
Multithreaded, cross-platform, reliable

https://github.com/GyulyVGC/sniffnet

~Open Source Security Tool of the Day~

#osstotd

Offensive AI Compilation

A curated list of useful resources that cover Offensive AI.

https://github.com/jiep/offensive-ai-compilation

~Open Source Security Tool of the Day~

#osstotd

BBOT

BBOT is a recursive, modular OSINT framework inspired by Spiderfoot and written in Python.
Capable of executing the entire OSINT process in a single command, BBOT does subdomain enumeration, port scanning, web screenshots (with its gowitness module), vulnerability scanning (with nuclei), and much more.

BBOT currently has over 70 modules and counting.

https://github.com/blacklanternsecurity/bbot

~Open Source Security Tool of the Day~

#osstotd

Faraday

### Open Source Vulnerability Manager

Security has two difficult tasks: designing smart ways of getting new information, and keeping track of findings to improve remediation efforts. With Faraday, you may focus on discovering vulnerabilities while we help you with the rest. Just use it in your terminal and get your work organized on the run. Faraday was made to let you take advantage of the available tools in the community in a truly multiuser way.

Faraday aggregates and normalizes the data you load, allowing exploring it into different visualizations that are useful to managers and analysts alike.

https://github.com/infobyte/faraday

~Open Source Security Tool of the Day~

#osstotd

reconFTW

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities.

https://github.com/six2dez/reconftw

~Open Source Security Tool of the Day~

#osstotd

uncover

Quickly discover exposed hosts on the internet using multiple search engines.

uncover is a go wrapper using APIs of well known search engines to quickly discover exposed hosts on the internet. It is built with automation in mind, so you can query it and utilize the results with your current pipeline tools.

https://github.com/projectdiscovery/uncover

~Open Source Security Tool of the Day~

#osstotd

OSV-Scanner

Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies.

OSV-Scanner provides an officially supported frontend to the OSV database that connects a project’s list of dependencies with the vulnerabilities that affect them. Since the OSV.dev database is open source and distributed, it has several benefits in comparison with closed source advisory databases and scanners:

- Each advisory comes from an open and authoritative source (e.g. the RustSec Advisory Database.
- Anyone can suggest improvements to advisories, resulting in a very high quality database
- The OSV format unambiguously stores information about affected versions in a machine-readable format that precisely maps onto a developer’s list of packages

https://github.com/google/osv-scanner

~Open Source Security Tool of the Day~

#osstotd

Nosey Parker: Find secrets in textual data

Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data. It is useful both for offensive and defensive security testing.

**Key features:**

- It supports scanning files, directories, and the entire history of Git repositories
- It uses regular expression matching with a set of 60 patterns chosen for high signal-to-noise based on experience and feedback from offensive security engagements
- It groups matches together that share the same secret, further emphasizing signal over noise
- It is fast: it can scan at hundreds of megabytes per second on a single core, and is able to scan 100GB of Linux kernel source history in less than 5 minutes on an older MacBook Pro

https://github.com/praetorian-inc/noseyparker

~Open Source Security Tool of the Day~

#osstotd

Nuclei

Fast and customisable vulnerability scanner based on simple YAML based DSL.

Nuclei is used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc. With powerful and flexible templating, Nuclei can be used to model all kinds of security checks.

We have a dedicated repository that houses various type of vulnerability templates contributed by **more than 300** security researchers and engineers.

https://github.com/projectdiscovery/nuclei